Vulnerabilities > Critical

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2025-03-20 | CVE-2024-7773 | Unspecified vulnerability in Ollama 0.1.37 | A vulnerability in ollama/ollama version 0.1.37 allows for remote code execution (RCE) due to improper input validation in the handling of zip files. | network, low complexity, ollama, critical, 9.8 |
| 2025-03-20 | CVE-2024-7776 | Unspecified vulnerability in Onnx | A vulnerability in the `download_model` function of the onnx/onnx framework, before and including version 1.16.1, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. | network, low complexity, onnx, critical, 9.1 |
| 2025-03-20 | CVE-2024-8156 | Unspecified vulnerability in Agpt Autogpt | A command injection vulnerability exists in the workflow-checker.yml workflow of significant-gravitas/autogpt. | network, low complexity, agpt, critical, 9.8 |
| 2025-03-20 | CVE-2024-8487 | Unspecified vulnerability in Modelscope Agentscope 0.0.4 | A Cross-Origin Resource Sharing (CORS) vulnerability exists in modelscope/agentscope version v0.0.4. | network, low complexity, modelscope, critical, 9.8 |
| 2025-03-20 | CVE-2024-8769 | Path Traversal vulnerability in Aimstack AIM | A vulnerability in the `LockManager.release_locks` function in aimhubio/aim (commit bb76afe) allows for arbitrary file deletion through relative path traversal. | network, low complexity, aimstack, CWE-22, critical, 9.1 |
| 2025-03-20 | CVE-2024-8898 | Unspecified vulnerability in Lollms web UI 12 | A path traversal vulnerability exists in the `install` and `uninstall` API endpoints of parisneo/lollms-webui version V12 (Strawberry). | network, low complexity, lollms, critical, 9.8 |
| 2025-03-20 | CVE-2024-8953 | Improper Control of Dynamically-Managed Code Resources vulnerability in Composio 0.4.3 | In composiohq/composio version 0.4.3, the mathematical_calculator endpoint uses the unsafe eval() function to perform mathematical operations. | network, low complexity, composio, CWE-913, critical, 9.8 |
| 2025-03-20 | CVE-2024-8958 | Unspecified vulnerability in Composio 0.4.3 | In composiohq/composio version 0.4.3, there is an unrestricted file write and read vulnerability in the filetools actions. | network, low complexity, composio, critical, 9.8 |
| 2025-03-20 | CVE-2024-9053 | OS Command Injection vulnerability in Vllm-Project Vllm 0.6.0 | vllm-project vllm version 0.6.0 contains a vulnerability in the AsyncEngineRPCServer() RPC server entrypoints. | network, low complexity, vllm-project, CWE-78, critical, 9.8 |
| 2025-03-20 | CVE-2024-9095 | Improper Authorization vulnerability in Lunary 1.4.28 | In lunary-ai/lunary version v1.4.28, the /bigquery API route lacks proper access control, allowing any logged-in user to create a Datastream to Google BigQuery and export the entire database. | network, low complexity, lunary, CWE-285, critical, 9.8 |